4

I need to generate random numbers for a lottery game, the lottery front-end will work in flash AS3 the idea is to run a script that generates 10 random numbers (the winners) and save them in a SQL database

What's a reliable way to create random numbers? Is js Math.rand() function reliable enough for a lottery?

On wikipedia I found Fortuna a "cryptographically secure pseudorandom number generator" that is inclucded in the Javascript Crypto Library.

Another option is the web site http://www.random.org, it offers a free API to provide random numbers, but what guaranties can it offer?

Gusepo
  • 837
  • 2
  • 13
  • 26

3 Answers3

2

It seems that random.org is basing its numbers off of static noise, which is pretty random, well more random than the javascript random library, which is probably basing its randomness on some time algorithm.

assylias
  • 321,522
  • 82
  • 660
  • 783
Kenneth Jakobsen
  • 458
  • 3
  • 11
2

The javascript Math.rand() is unlikely to be good enough for a lottery, as the specification does not require it to be cryptographically secure. For instance, there are known weaknesses in the generator used in some versions of Chrome.

What you would need would be a cryptographically secure pseudo random number generator (such as blum-blum-shub), and a way of seeding it. You need a good way of seeding it because if anyone can figure out what seed you used, they will be able to generate all the lottery numbers. You would probably want to seed the pseudo-random generator with a genuinely random, rather than a pesudo random number. This would require a hardware random number generator. Random.org supposedly provides a source of genuinely random numbers, however if anyone were to eavesdrop on your connection to random.org, they could still discover your random seed. You might prefer to invest in your own hardware, rather than rely on someone external.

Infact, unless you needed an awful lot of random numbers (much more than 10) there would be little point in using any pseudo random number generator at all. You might as well get all your random numbers from a true, hadware, random number generator.

Matt
  • 569
  • 1
  • 4
  • 16
1

If the lottery involves money (purchasing 'tickets' and paying prizes) then you may need to be able to demonstrate that you are using 'real' random numbers. In that case you might want to invest in your own hardware for generating random numbers. A quick search reveals a few, for example this one.

Otherwise, either of the two pseudorandom sources would seem adequate to me.

Andy Johnson
  • 7,938
  • 4
  • 33
  • 50